CentOS5.6 安装nginx1.0+php5.2.17+mysql5.1.56+APC(完整版)

1、软件列表
nginx-1.0.0.tar.gz(nginx主程序)
php-5.2.17.tar.bz2(php主程序)
mysql-5.1.56.tar.gz(mysql服务主程序)
php-5.2.17-fpm-0.5.14.diff.gz(fastcgi补丁)
PDO_MYSQL-1.0.2.tgz(pdo_mysql扩展。pdo是PHP连接数据库的统一接口,连接对应数据库需要对应的pdo驱动)
pcre-8.12.tar.gz(正则表达式库,编辑nginx支持重写需要)
mhash-0.9.9.9.tar.bz2(hash加密算法库,php需要)
mcrypt-2.6.8.tar.gz(php的加密扩展,必须先安装libmcrypt库)
libmcrypt-2.5.8.tar.gz(加密算法库,php扩展mcrypt功能对此库有依耐关系,要使用mcrypt必须先安装此库)
libiconv-1.13.1.tar.gz(加强系统对支持字符编码转换的功能)
memcache-2.2.6.tgz(memcache扩展接口,如果想要使用memcache功能,还要单独安装memcached软件)
ImageMagick-6.6.9-6.tar.bz2(ImageMagick图像处理主程序)
imagick-3.0.1.tgz(php扩展,图像处理)
go-pear.phar(php安装pear支持)
2、安装前准备工作
2.1、检查是否已经安装apache,php和mysql的rpm包
rpm -qa | egrep 'httpd|mysql|php'
如果有。yum remove 对应的软件
2.2、yum安装以下软件
yum -y install patch make gcc gcc-c++ gcc-g77 flex bison file
yum -y install libtool libtool-libs autoconf kernel-devel
yum -y install libjpeg libjpeg-devel libpng libpng-devel  gd gd-devel
yum -y install freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel
yum -y install glib2 glib2-devel bzip2 bzip2-devel libevent libevent-devel
yum -y install ncurses ncurses-devel curl curl-devel e2fsprogs
yum -y install e2fsprogs-devel krb5 krb5-devel libidn libidn-devel
yum -y install openssl openssl-devel vim-minimal nano sendmail
yum -y install fonts-chinese gettext gettext-devel
yum -y install ncurses-devel
yum -y install gmp-devel pspell-devel
yum -y install unzip

2.3、下载所需软件
mkdir -p /usr/local/soft
cd /usr/local/soft
wget -c http://www.nginx.org/download/nginx-1.0.0.tar.gz
wget -c http://cn.php.net/get/php-5.2.17.tar.bz2/from/this/mirror
wget -c http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
wget -c http://mirrors.sohu.com/mysql/MySQL-5.1/mysql-5.1.56.tar.gz
wget -c http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz
wget -c http://pecl.php.net/get/memcache-2.2.6.tgz
wget -c http://pecl.php.net/get/imagick-3.0.1.tgz
wget -c http://sourceforge.net/projects/imagemagick/files/6.6.9-sources/ImageMagick-6.6.9-6.tar.bz2/download
wget -c http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
wget -c http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz/download
wget -c http://sourceforge.net/projects/mcrypt/files/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz/download
wget -c http://pecl.php.net/get/APC-3.1.7.tgz
wget -c http://nchc.dl.sourceforge.net/project/pcre/pcre/8.12/pcre-8.12.tar.gz
wget -c http://sourceforge.net/projects/mhash/files/mhash/0.9.9.9/mhash-0.9.9.9.tar.bz2/download
wget -c http://pear.php.net/go-pear.phar

3、安装相关程序
3.1、mysql安装
tar zxvf mysql-5.1.56.tar.gz
cd mysql-5.1.56
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
./configure \
"--prefix=/usr/local/mysql" \
"--localstatedir=/data/mysql/data/" \
"--with-comment=Source" \
"--with-mysqld-user=mysql" \
"--without-debug" \
"--with-big-tables" \
"--with-charset=gbk" \
"--with-collation=gbk_chinese_ci" \
"--with-extra-charsets=all" \
"--with-pthread" \
"--enable-static" \
"--enable-thread-safe-client" \
"--with-client-ldflags=-all-static" \
"--with-mysqld-ldflags=-all-static" \
"--enable-assembler" \
"--with-plugins=all" \
"--without-ndb-debug"
make
make install
useradd mysql -d /data/mysql -s/sbin/nologin
/usr/local/mysql/bin/mysql_install_db --user=mysql
cd /usr/local/mysql
chown -R root:mysql .
chown -R mysql /data/mysql/data
cp share/mysql/my-huge.cnf /etc/my.cnf
cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
/etc/rc.d/init.d/mysqld start
cd /usr/local/mysql/bin
for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done

3.2、安装php所需库文件
tar zxvf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1
./configure --prefix=/usr/
make && make install
cd ..
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure --prefix=/usr
make && make install
/sbin/ldconfig
cd libltdl/
./configure  --prefix=/usr  --enable-ltdl-install
make && make install
cd ../..
tar jxvf mhash-0.9.9.9.tar.bz2
cd mhash-0.9.9.9
./configure --prefix=/usr
make && make install
cd ..
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure --prefix=/usr
make && make install
cd ..

3.3、安装PHP
tar jxvf php-5.2.17.tar.bz2
gzip  -cd php-5.2.17-fpm-0.5.14.diff.gz | patch -d php-5.2.17 -p1
cd php-5.2.17
./configure --prefix=/usr/local/php \
--with-config-file-path=/usr/local/php/etc \
--with-mysql=/usr/local/mysql/ \
--with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/ \
--with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr/ \
--enable-xml --disable-rpath --enable-discard-path  --enable-bcmath \
--enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers \
--enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring \
--with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl \
--enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist  /usr/local/php/etc/php.ini
/usr/local/php/bin/php go-pear.phar

3.4、安装PHP扩展模块
tar  zxvf memcache-2.2.6.tgz
cd memcache-2.2.6
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
cd ..
tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config  --with-pdo-mysql=/usr/local/mysql/
make && make install
cd ..
tar jxvf ImageMagick-6.6.9-6.tar.bz2
cd ImageMagick-6.6.9-6
./configure
make && make install
cd ..
tar zxvf imagick-3.0.1.tgz
cd imagick-3.0.1
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install

3.5、安装nginx1.0
tar zxvf pcre-8.12.tar.gz
cd pcre-8.12
./configure --prefix=/usr
make &&make install
cd ..
tar zxvf nginx-1.0.0.tar.gz
cd nginx-1.0.0
./configure --prefix=/usr/local/nginx --user=nobody --group=nobody \
--with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module\
--with-sha1=/usr/lib --with-md5=/usr/lib
make && make install

4、修改相关配置文件
4.1、修改/usr/local/php/etc/php.ini启用扩展库文件
找到”extension_dir = “./”"此行,
修改为:extension_dir = “/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/”
添加如下3行:
extension=”memcache.so”
extension=”pdo_mysql.so”
extension=”imagick.so”
验证php加载模块使用 /usr/local/php/bin/php -m
4.2、修改/usr/local/php/etc/php-fpm.conf配置文件。
使用 :set nu显示行号。
(原)41                         <value name="listen_address">127.0.0.1:9000</value>
(改)41                         <value name="listen_address">/tmp/php-cgi.sock</value> #个人习惯,比较喜欢使用sock。
(原)63                 <!--    <value name="user">nobody</value>     -->#进程的所有者
(原)66                 <!--    <value name="group">nobody</value>     -->#进程的所有组,默认都为nobody
(改)                              <value name="user">nobody</value>
(改)                              <value name="group">nobody</value>
59                 <!--    <value name="display_errors">0</value>   --> #是否显示错误,1为关闭显示错误,0为打开错误显示,调试期间可以打开
79                             <value name="max_children">5</value> #为客户端服务的最大进程数
86                             <value name="StartServers">20</value> #启动时创建的进程数
<value name="MinSpareServers">5</value> #最小空闲进程数
94                             <value name="MaxSpareServers">35</value>#最大空闲进程数
(原)107                        <value name="request_slowlog_timeout">0s</value> #默认关闭慢查询,建议还是打开,对性能分析有好处
(改)107                        <value name="request_slowlog_timeout">5s</value>
(原)113                        <value name="rlimit_files">1024</value> #设定打开文件的限制
(改)113                        <value name="rlimit_files">51200</value>
132                         <value name="max_requests">5000</value> #设置大可以接受的请求数
137                        <value name="allowed_clients">127.0.0.1</value> #允许连接的客户端

启动php-cgi
Usage: /usr/local/php/sbin/php-fpm {start|stop|quit|restart|reload|logrotate}
/usr/local/php/sbin/php-fpm start

4.3、修改/usr/local/nginx/conf/nginx.conf配置文件
使用 :set nu显示行号。
2    user  nobody; #取消注释
12  events {
13       use epoll; #工作模式
14       worker_connections  51200;
15     }
36      server {
37         listen       80;
38         server_name  localhost;
66         location ~ \.php$ {
67
68                 if ( $fastcgi_script_name ~ \..*\/.*php ) {
69                         return 403;
70                 }
71             root           html;
72             fastcgi_pass   unix:/tmp/php-cgi.sock;
73             fastcgi_index  index.php;
74             fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
75             include        fastcgi.conf; #启用fastcig.conf配置文件
76         }

/usr/local/nginx/sbin/nginx  -t -c /usr/local/nginx/conf/nginx.conf  #测试配置文件是否正确
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

5、安装APC加速PHP
tar -zxvf APC-3.1.7.tgz
cd APC-3.1.7
/usr/local/php/bin/phpize
./configure --enable-apc --enable-apc-mmap --with-php-config=/usr/local/php/bin/php-config
make && make install

结果:
Installing shared extensions:     /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/
Installing header files:          /usr/local/php/include/php/
编辑php.ini,在最后加入[APC]下面的代码:
[APC]
extension = apc.so
apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 64M
apc.optimization = 1
apc.num_files_hint = 0
apc.ttl = 0
apc.gc_ttl = 3600
apc.cache_by_default = on
完成后,重新启动fastcgi,通过phpinfo函数看到下面信息就算成功了

6、安全相关

6.1、关于fastcgi存在的一个上传漏洞,详见:http://www.80sec.com/nginx-securit.html

6.2、php禁用函数,注意,是一行
disable_functions = set_time_limit,system,exec,shell_exec,,passthru,proc_open,
proc_close,proc_get_status,checkdnsrr,getmxrr,getservbyname,getservbyport,syslog,
popen,show_source,highlight_file,posix_ctermid,posix_get_last_error,posix_getcwd,
posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,
posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,
posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,
posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,
posix_strerror,posix_times,posix_ttyname,posix_uname,dl,socket_listen,socket_create,
socket_bind,socket_accept,socket_connect,stream_socket_server,stream_socket_accept,
stream_socket_client,ftp_connect,ftp_login,ftp_pasv,ftp_get,zlib.compress,
gzopen,gzpassthru,gzcompress,phpinfo

posted @ 2011-08-16 08:59  【小洲】  阅读(1888)  评论(0编辑  收藏  举报